New features, new fixes: OS X Server’s six-month checkup

$19.99 buys you a bit more now than it did in July of 2012.

It has now been roughly half a year since the release of Mountain Lion. If Apple sticks to its new yearly release cadence for new OS X versions, that means we're probably about halfway to OS X 10.9. That doesn't mean the OS has stood still, though—two point updates have since tweaked the operating system's functionality and stability, and this is even more true of OS X's buttoned-up cousin, OS X Server.

While Windows Server rarely picks up major new features outside of service packs, OS X Server is like the client version of OS X in that it sometimes takes a couple of point updates for its features to stabilize. Since July, we've received two point updates for OS X Server, and they've changed things around enough that it merits revisiting our original guide and pointing out what has changed.

We'll be focusing on the major user-facing changes here, but for a complete list of everything that has been changed and fixed you may also want to look at the complete release notes for OS X Server 2.1.1 and 2.2.

DHCP

Enlarge/ The DHCP service is a solid replacement for the one included with most home routers.

Andrew Cunningham

As we've discussed, Lion and Mountain Lion have been slowly migrating features from the older but more feature-rich Server Admin Tools apps to the simpler but more user-friendly Server.app. In that process, several services have gone missing, either removed from the product completely or relegated to the command line.

In the original release, the DHCP service was one of those that had vanished, but it has since been restored to Server.app. Like the other OS X Server services, DHCP is aimed toward people who have some idea of how networking works but don't have much server administration experience.

It's a reasonably capable way to replace your router's built-in DHCP capabilities—it allows you to configure multiple subnets on different physical network interfaces (or VLANs, for Macs with only one physical network interface), configure your DHCP ranges, set DHCP lease time, reserve specific IP addresses for specific clients, and view information on connected clients. Depending on your router's firmware, you may actually have more network configuration options there than OS X gives you, but for homes or small businesses it's nice to have all of these settings available in one simple tool, especially if you're using it in conjunction with the DNS service and don't want to have to jump around between different administration tools.

Profile manager

You can now use Profile Manager to block installation of new Mac App Store apps without blocking updates for existing apps.

Andrew Cunningham

The Profile Manager is one of OS X Server's most useful features, since it allows administrators to control settings and install applications on multiple OS X and iOS clients at once. Between versions 2.0 and 2.2, it has picked up several features that should appeal to IT admins looking to lock their systems down.

Specifically, it restricts access to the Mac App Store: you can restrict your users' access to the store to disallow the purchase and download of new applications while also allowing updates for currently installed applications to come through. Administrators can also now delete applications uploaded to the Profile Manager (which seemed like a strange oversight on Apple's part, but hey, at least it's fixed now).

One other new feature, called the "caching service" in Apple's documentation, exists somewhere between the Profile Manager and the Software Update service: in addition to caching new and past updates for the core Apple software that's part of every OS X install, servers with the Software Update service enabled will download and cache updates to Mac App Store apps you've purchased for your systems, further saving bandwidth if you've purchased apps like Pages or Numbers en masse.

Finally, if your OS X Server and its Open Directory are integrated with a Windows Active Directory server, you can now use your already-configured Active Directory groups in Profile Manager to distribute settings and apps, rather than recreating these groups solely for use with your Macs and iOS devices.

Time Machine

Enlarge/ Time Machine isn't as capable as we'd like it to be, but it gives you much more information than it did before.

The operation of the Time Machine service remains simple: it's an easy way to offer backup services to a handful of Macs in the absence of an external hard drive or a home NAS device. In the updates since launch, the page in Server.app has gotten a bit more useful: you can now see the amount of free space on your backup volumes easily in the Destinations tab, and the Backups tab will show you what machines are backing up to your server, how much space they're using, the owner of the system in question, the encryption status of the backup, and how long it's been since the last backup. With the backup date checking also comes a new server alert, which will tell you when computers connected to your Time Machine server haven't backed up in ten or more days.

Our wish list for the Time Machine service is still quite long—none of this is quite as useful as user- or computer-specific Time Machine disk quotas, server-specified backup intervals, and server-side exceptions for files and folders would be. Given that there was no change in the Time Machine service between 10.7.5 and 10.8.0, however, there are nice (if belated) additions.

Conclusions, and thoughts on the future

You may have noticed that the App Store download for OS X Server is labeled version 2.2, in spite of the fact that OS X Server has been around since before the client version of the software was available to consumers. This refers specifically to Server.app, the simplified administration console introduced in Lion as version 1.0.

As we mused in our original guide, the Server application has now been decoupled from the core operating system, and the two update independently of one another—Server 2.1 was issued at about the same time as the OS X 10.8.2 update, but Server 2.2 was released some months after and there's no version of Server 2.3 slated to come out alongside the imminent OS X 10.8.3 update (at least if Apple's developer site is any indication).

This has a couple of implications, most obviously the fact that you no longer need to install potentially service-breaking updates to Server.app to install the latest OS X security updates on your system—in versions 10.0 through 10.7, OS X Server got its own delta and combo updaters that bundled all of the Server stuff in with fixes for the core OS.

The second (and slightly more speculative) implication is that OS X Server updates may no longer track with updates to OS X itself. We may see a new Server 3.0 app released alongside OS X 10.9 when it comes out later this year, but we may also simply see a new Server 2.x release that ensures all of the existing services continue to work with new Macs. Given the incremental changes and updates between OS X Server 10.7 and 10.8 (and the changes that have continued to trickle in since 10.8.2), we could be looking at a future where OS X Server development is more Chrome-like: progression through relatively frequent but minor updates, rather than large all-at-once pushes for major new features.

At any rate, the changes we've outlined here are just a few of the new things included in the last two OS X Server point updates—plenty of other security and stability tweaks have been made, and they should hopefully prevent you from having some of the scattered stability issues we mentioned in our original guide. Other changes have been made specifically to resolve issues for people who are upgrading to Mountain Lion from an older version of OS X Server—once again, you should check the release notes for update 2.1.1 and 2.2 to see if you've been wrestling with a particular problem that now claims to be solved.

It's nice to see Apple cares about its customers in enterprise/education. I was a little bothered by the holes left in OSX server at Mountain Lion's release, but Apple seems to be doing a good job in adding back the missing features.

I've always lived by 3 simple rules. Normal users don't want Linux on their desktops, they don't want Microsoft in their pockets, and they don't want Apple in their datacenters. I actually do use Linux (Debian 7) on every one of my workstations, but I don't consider myself a normal user.

I got bitten really hard by the 2.1 update. Yes, it brought DHCP back into the Server App, but it came back with it enabled by default! Our network went down because the DHCP service interfered with our actual DHCP server.

So at what point is it (or will it be) worth the trouble of upgrading from Snow Leopard Server?

I don't like to think I'm just sticking to my comfort zone, but for my small offices using SLS, I feel like I'm waiting for something... I just don't kno what.

Anyone with relevant experience know of any important advantages?

If you plan on using the Profile Manager bit to manage iOS devices, that's really the only big "new" feature in 10.7/10.8 that I can think of. The rest of the updates have been about bringing services into Server.app and simplifying them (or neutering them, depending on what you're using the server for).

That said, 10.6 isn't getting new security patches anymore, so beware of that.

I use ML OSX Server for a few things in my home - TM backup device, network server (with ZFS and external disks), VPN endpoint for when I'm on shady wifi networks and then run iTunes and Plex in the background. Knock on wood, its been running fine now for about a month. All my devices back up without complaints - my WD Book Live! device that said it could handle TM backups made my devices complain about corrupted backups once a week.

Time Machine disk quotas seems like a painfully obvious, extremely overdue function. Client Time Machines just grow and a grow until there's no free space on the server. You have to trash the entire Time Machine archive and start over every few weeks or so (or prune the archives manually on each client using the TM galaxy interface)

I've always lived by 3 simple rules. Normal users don't want Linux on their desktops, they don't want Microsoft in their pockets, and they don't want Apple in their datacenters. I actually do use Linux (Debian 7) on every one of my workstations, but I don't consider myself a normal user.

I might agree with you, but as someone who wears many hats at work, one being IT, I find the popular open source solutions horrible from a configuration perspective. (Not sure if the commercial ones are equally bad).

Since I don't do IT stuff full-time, anytime I have to go back and fix or change something I feel like I have to swap a huge portion of my brain to load back in all these crappy, arcane pieces of knowledge.

OpenLDAP, Torque, Kerberos, PAM, NSS, etc.: I hate you.

Dnsmasq is pretty nice to work with, though I fear the day I might need to upgrade to BIND and DHCPD.

From what I've checked out of OS X Server, it seems close to meeting all my needs. If it did, I would buy a Mini just to host it.

Does the new caching service cache all App Store downloads or only Mac App Store downloads? We see an extraordinary amount of data headed from the iOS servers to our user's devices. Especially when iOS updates or iWork for iOS updates are released.

Does the new caching service cache all App Store downloads or only Mac App Store downloads? We see an extraordinary amount of data headed from the iOS servers to our user's devices. Especially when iOS updates or iWork for iOS updates are released.

I'd like to know too. I thought it caches both, which includes system updates since they know come through the app store as well.

Does the new caching service cache all App Store downloads or only Mac App Store downloads? We see an extraordinary amount of data headed from the iOS servers to our user's devices. Especially when iOS updates or iWork for iOS updates are released.

I'd like to know too. I thought it caches both, which includes system updates since they know come through the app store as well.

Maybe Ars is up for some investigatory research (or they have the right people on speed dial)

Does the new caching service cache all App Store downloads or only Mac App Store downloads? We see an extraordinary amount of data headed from the iOS servers to our user's devices. Especially when iOS updates or iWork for iOS updates are released.

According to Apple's release notes, it doesn't touch the iOS app store.

Apple wrote:

[the Caching service] speeds up the download of software distributed by Apple through the Mac App Store. It caches both software updates and purchased apps from the Mac App Store. For more information about the Caching service, choose Server Help in the Help menu.

My problem with Server.app is that SMBX isn't bug-compatible with Windows, in that it maps 'Readonly' to 'user immutable (uchg)' so it's impossible to copy some folders from a Windows client to an OS X server.

Which is a real bummer if you want to use a mac mini to back up with both Time Machine and Windows Backup.

Does the new caching service cache all App Store downloads or only Mac App Store downloads? We see an extraordinary amount of data headed from the iOS servers to our user's devices. Especially when iOS updates or iWork for iOS updates are released.

This is only helpful if I can imagine the poster had any intention of doing so for reasons other than machismo.

What is your business case for having a server specializing in Mac services, that doesn't tolerate Mac hardware? Isn't that kinda oxymoronic?

There are quite a few reasons to want to virtualize OS X Server on non-OS X boxes - the CPU and RAM load for many of the services is negligible, so admins might not want to add a whole separate box (and the physical space and power it consumes) just to provide Apple's services to their network. I imagine this is the main reason why Apple no longer sells an XServe; there's a big push in IT right now to virtualize as many servers as possible to cut hardware replacement/maintenance costs and power usage. Having an entire separate server box just to run Open Directory or run as a NetBoot server or whatever just doesn't make a ton of sense compared to the number of Windows Server or Linux VMs you can cram into one server nowadays.

Also, as much as I like the Mac Mini Server for the price and for its intended use, the thing just doesn't have the hardware monitoring and redundancy features that "real" server hardware provides. I sort of hope that a revamped Mac Pro Server reintroduces some of the server-class stuff we used to see in the XServe, but the moves to simplify 10.7/10.8 Server indicate to me that Apple is surrendering the enterprises and large businesses to its competitors and going after home users/small businesses/educational institutions instead.

The ability to configure/monitor LOM on my 2009 Xserve has been removed. I can use the old Server Monitor app but can't change the IP address. It will only work if LOM is configured before the upgrade. I won't be upgrading unless it's restored. As the Xserve has been discontinued, maybe they don't care.

...the moves to simplify 10.7/10.8 Server indicate to me that Apple is surrendering the enterprises and large businesses to its competitors and going after home users/small businesses/educational institutions instead.

Apple long ago surrendered the business and enterprise market when they switched from PPC to Intel processors, they lost their hardware advantage over Intel. And OS X, even though nicer and more secure, didn't have the developers on their side (but could have).

Apple also never really had the small business market, because more local Windows PC tech support was already established and Apple support was non-existant. Apple rather went after the rich consumer market with stores mostly in high traffic/income retail locations and did everything they could to disrupt the resellers that were catering to education and business purchasers.

Phil Schiller has mentioned that Apple is chiefly concerned with the consumer market, which they claim is about 50% of the total computing market.

Apple has discontinued the Xserver and XRaid, really most serious uses of OS X Server should be moving off, as like Final Cut Pro X and Airport Utility, it's just going to be continually dumbed down to make it easier for consumers to use, which means less fine control over the details.

Right now Apple is really pissing off it's pro user base with 10.7 and 10.8 and closed laptop hardware.

Eventually Apple is going to do something to XServer (like they do with everything else) that will make it a joy for their consumers to use, but raise howls from the more professional users.

So at what point is it (or will it be) worth the trouble of upgrading from Snow Leopard Server?

I don't like to think I'm just sticking to my comfort zone, but for my small offices using SLS, I feel like I'm waiting for something... I just don't kno what.

Anyone with relevant experience know of any important advantages?

In addition to things already mentioned, 10.8 has a really nice WebDav addition to file sharing. This allows your iOS devices to access file shares through the AFP service. Pages on iPad, for example, can open and save documents in home directories or group folders.

So at what point is it (or will it be) worth the trouble of upgrading from Snow Leopard Server? I don't like to think I'm just sticking to my comfort zone, but for my small offices using SLS, I feel like I'm waiting for something... I just don't kno what.

If you only support macs, then probably no problem at all. If you support Windows PCs, you might find yourself installing Samba4

Ehh.. never been overly impressed with OSx server... Managing thousands of accounts has always been just a total cluster... Large managed print services is just lacking to say the least. Profile management is really nice once you get things going. Lack of good offline file support for client/server connectivity has always been a pain...

Its really inexpensive, so that is huge... but I would still say it is still the lowest on my list of recommended server platforms...

So I would say for small to medium businesses its great But large installations with remote branch offices, etc... its really not too friendly. Directory replication alone is kind of kludgy to say the least - the fact that each replica of OD only realistically supports 350 clients or so before showing some possible performance issues really shows a major weakness...

So having a nice interface to manage your server is nice but I still cringe when I see really HUGE OSx server deployments...

I've always lived by 3 simple rules. Normal users don't want Linux on their desktops, they don't want Microsoft in their pockets, and they don't want Apple in their datacenters. I actually do use Linux (Debian 7) on every one of my workstations, but I don't consider myself a normal user.

"Normal users," in my experience, would drool on themselves while saying "durr, wut duz dat meen? im bad wif computers hee hee" if you recited that fun little quote of yours to them. The users I've been stuck dealing with couldn't care less what the fuck it's called (and often don't KNOW what it's called) so long as it takes zero effort or IQ on their part to use.

Andrew Cunningham / Andrew has a B.A. in Classics from Kenyon College and has over five years of experience in IT. His work has appeared on Charge Shot!!! and AnandTech, and he records a weekly book podcast called Overdue.